<?php

	class Aml_Controller_Plugin_Auth extends Zend_Controller_Plugin_Abstract
	{

		public function preDispatch(Zend_Controller_Request_Abstract $request)
		{
			$loginController = 'index';
			$loginAction     = 'index';
			$errorController = 'error';

			$auth = Zend_Auth::getInstance();

			// User is logged in or on login page.
			if ($auth->hasIdentity()) $role = $auth->getIdentity()->user_role;
			else $role = null;

			$acl = new Aml_Acl();
			$registry = Zend_Registry::getInstance();
			$registry->set('acl', $acl);

			// role is a column in the user table (database)
			$isAllowed = $acl->isAllowed($role, $request->getControllerName(), $request->getActionName());
			if (!$isAllowed)
			{
				$redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector');
 				$url = Zend_Controller_Action_HelperBroker::getStaticHelper('url');
				$redirector->gotoUrlAndExit('/');
			}
		}

	}

?>
